Police now routinely crack and extract all phone data from arrestees

From the Boing Boing Shop

Follow Us

Muckrock filed Freedom of Information Requests with multiple US police forces to find out how they were using "mobile phone forensic extraction devices" -- commercial devices that suck all the data out of peoples' phones and make it available for offline browsing.

They discovered that the practice of sucking up the entirety of arrestees' phones was incredibly common, and that often, cops sucked up this data without a warrant, after first obtaining "consent" from arrestees.

Mobile phones are troves of sensitive personal information, which is presumably why the police are so interested in them. But the same data-richness that interests police departments should also give us pause: it's never been the case that a cop busting a low-level, nonviolent offender would be allowed to probe that person's entire network of friends and relations; read all the correspondence between the arrestee and their doctors, lawyers, kids and spouse; get a neat list of all the places the person had visited; and be able to look at everything from bank balances to spending history.

The major provider of mobile forensic tools is the Israeli firm Cellebrite, who made headlines when the FBI revealed that they'd used a Cellebrite tool to crack the San Bernadino shooters' phones, and then again when a hacker dumped 900GB worth of internal Cellebrite info, revealing that the company routinely repackaged hacking tools from the darkweb and sold them to police departments without first verifying that these weren't leaking data to third parties or otherwise creating risks for their users and their targets.

The kicker really is how often these are being used - it is simply really hard to believe that out of the 783 times Tulsa Police used their extraction devices, all were for crimes in which it was necessary to look at all of the phone’s data. Even for the 316 times Tucson PD used theirs in the last year, it is still a real stretch to think that some low-level non-violent offenders weren’t on the receiving end. There are some days where the devices were used multiple times - Tulsa used theirs eight times on February 28th of this year, eight again on April 3rd, and a whopping 14 times on May 10th 2016. That is a whole lot of data that Tulsa was able to tap into, and we aren’t even able to understand the why.

One “preview sheet” we received from Tucson had a column for whether they received a warrant to crack into the phone, or whether the user gave them consent. It is easy to imagine a scenario where someone doesn’t want to risk angering police by refusing consent, or even just didn’t fully understand what they were consenting to.

Predpol (previously) is a "predictive policing" company that sells police forces predictive analytics tools that take in police data about crimes and arrests and spits out guesses about where the police should go to find future crimes.

Michigan's brilliant businessman governor Rick Snyder has slashed the state's budget over and over, in service to an electorate who would vote for a smear of roadkill if it would promise to knock a dollar off their tax-bills.

Ever wondered what it takes to make the transition from amateur photography to a full career? If you answered “a better camera,” you’re half right. Before you get the equipment, get the know-how to use it with the Hollywood Art Institute Photography Course & Certification. Taught by experienced pros, this course is geared towards shutterbugs […]

Anyone can learn piano, but don’t tell that to the bored kids who had to endure hours of “Chopsticks” and similar drills in their music lessons. Today, there’s a better way. Pianoforall lets you jump right in to discover what makes music fun, leaving you eager to learn more. In a simple but innovative approach, […]